Modernizing Authentication — What It Takes to Transform Secure Access
Members of Team GhostShell recently published data on more than a million user accounts from 100 sites, calling the release "Team GhostShell's final form of protest this summer against the banks, politicians and for all the fallen hackers this year."
"The hacks are part of Project HellFire and they have been done in collaboration with MidasBank and OphiusLab. ... Files containing usernames, email addresses, passwords and other information have been posted online, apparently taken from organizations such as CIA Services (unrelated to the Central Intelligence Agency), Garret Group, Thailand’s Navy, Triage Consulting, Lion Capital, Commerce Bank of Wyoming, Chesley Consulting and the European Strabismological Association," writes Softpedia's Eduard Kovacs.
"Furthermore, Team GhostShell said it plans to give away access points to 'six billion databases from a Chinese mainframe full of Chinese and Japanese technology;' 'over 105 billion databases to a U.S. stock exchange mainframe;' and '3-4 different servers belonging to the Department of Homeland Security,'" Network World reports. "The Project HellFire hacks were reportedly accomplished in collaboration with two other hacking groups, MidasBank and OphiusLab."
"An analysis of the hacks by security biz Imperva reveals that most of the breaches were pulled off using SQL injection attacks -- simply tricking the servers into handing over a bit more information than they should," writes The Register's John Leyden. "'Looking at the data dumps reveals the use of the tool SQLmap, one of two main SQL injection tools typically deployed by hackers,' the company's researchers explained in a blog post."